Saturday, May 20, 2017

With the clock ticking on whether a global hacking attack
would wipe out his data, Bolton Jiang had no intention of paying a 21st-century
ransom.

Since a week ago, when the malware first struck, Mr. Jiang has been busily fixing and replacing
computers at the electronics company where he works in Shanghai. Paying is a bother, he said, and there was no guarantee he would get his data back.

…A number of
people and companies have struck a defiant tone. The Japanese conglomerate Hitachi, which had
been identified in the news media as a victim, declined to confirm those
reports on Friday but said that it had no intention of paying a ransom and that
it aimed to be fully secure against
future attacks by Monday. [Sounds like they were not secure before. Bob]

…Yesterday, a tool called WannaKey hit Github promising free recovery
of data on PCs corrupted with Wanna Decrypter. This tool carried a number of caveats, though,
with a big one being that it's
exclusive to Windows XP, and the PC could not be rebooted after
being infected.

Today, another developer has built on WannaKey's abilities
and released wanakiwi, a tool with the same goal of recovering data, but
will work on all versions of
Windows between XP and 7 (that includes Vista and server variants). Unfortunately, this wanakiwi carries the same
caveat of being useless after an infected PC has been rebooted.

The number of organizations that
fell prey to a recurring W-2 email scam that involved identity thieves posing
as company executives rose substantially in 2017, an Internal Revenue
Service official said May 18.

[…]

In the first four months of 2017,
870 organizations reported to the IRS that they received a W-2 phishing email,
up from about 100 organizations in the first four months of 2016, Powell said. Of the 870 organizations, about 200
lost data, up from about 50 in 2016, she said.

Controversial cellphone tracking
technology is being deployed as a tool in President Donald Trump’s expanding
effort to arrest and deport illegal US residents.

In March, US Immigrations and
Customs Enforcement (ICE) deployed a cell-site simulator, often colloquially
referred to as a “Stingray,” to track a Michigan man in the country illegally,
according to recently unsealed court documents reported first by The Detroit News.

A federal appeals court has shot down a rule requiring
hobbyists to register their drones.

Appeals court judges in Washington, D.C. agreed on Friday with a drone enthusiast’s challenge to a
FAA requirement that all hobbyists register
their drones in a national database and pay a $5 fee.

…The court found
that the FAA’s drone registration rule, which debuted in Dec. 2015, conflicts
with previous federal legislation from 2012 that said that the FAA lacks the authority to regulate “model aircraft.” The appeals court categorizes drones as model
aircraft.

…“Congress is of
course always free to repeal or amend its 2012 prohibition on FAA rules
regarding model aircraft,” the judges said. “Perhaps Congress should do so. Perhaps not. In any event, we must follow the statute as
written.”

Apparently, this was not a joke? A whole new field for lawyers? Government legislation to require only lukewarm
coffee?

Joanne Mogavero, from Florida, suffered first and second
degree burns when the lid popped off a cup of coffee at a Starbucks in 2014, a
jury was told.

Her lawyers had argued that Starbucks should warn its
customers that lids could pop off.

The jury awarded Ms Mogavero $85,000 for pain and
suffering and more than $15,000 to
cover medical bills.

…In a statement,
Ms Mogavero's legal team said a Starbucks representative had testified during
the court hearing in Duval County, Florida, that the company gets 80 complaints
a month about problems with lids popping off or leaking.

…no matter how truthful, their timing (and risk analysis)
is terrible. Perhaps we should have
Canada build a fence?

Boeing Co on Friday rushed to fix a gamble that looks to
have gone wrong, with the defense unit of the U.S. plane maker seeking to fend
off a Canadian threat to scrap the purchase of 18 Super Hornet jets, a source
familiar with the matter told Reuters.

That move follows Canada's threat on Thursday that it
could ditch its plans to buy the jets if the United States backed Boeing's
claims that Canadian plane maker Bombardier Inc dumped jetliners in the U.S.
market.

Political insiders say the Liberal government of Prime
Minister Justin Trudeau is furious about Boeing's allegations, which comes at a
time when trade relations between the United States and Canada are at a low.

…He said Boeing
could lose $10 billion to $20 billion in military sales to Canada, encompassing
order for jets, helicopters and maritime surveillance planes.

…The U.S.
Commerce Department on Thursday launched an investigation into Boeing's claims.

"This is a strong shot across the bow to the United
States to say 'Shut this thing down pretty damn quickly,'" said a Canadian
defense industry source.

…The Boeing saga
further increases tensions between Canada and the United States in the run-up
to talks on renewing the North American Free Trade Agreement (NAFTA), with the
Trump administration on Thursday setting the clock ticking toward a mid-August
start of renegotiations.

London City Airport is installing a "digital air
traffic control tower" that will be operated by controllers sitting in an
English village about 70 miles away.

The new tower will use 14 high-definition cameras and
various sensors to provide a 360-degree view of the airfield. Live video and data will be sent to the remote
controllers via "super-fast secure fiber connections," the airport
said.

…The technology is currently only in use at two
remote northern airports in Sweden, though many others around the world are
expressing interest in the system, Beauchamp said.

The airport promises that the cameras and screens will
provide "a level of detail greater than the human eye."

…The airport and NATS say they have the tools to keep the new system safe from hackers
and other threats. [I wish they had said they were using
the tools… Bob]

India's largest restaurant and food delivery app Zomato
announced Thursday that the data of 17 million users had been stolen from its
database, including names, email addresses and protected passwords.

The startup said the "hashed" passwords could
not be decrypted but recommended users change their login details if they use
the same password for other services.

Zomato's chief technology officer Gunjan Patidar said
customers' financial information was stored separately from the stolen data and
was not compromised by the hack.

A black box attack is a logical attack against cash
dispensers. It requires gaining access
to the inner workings of the machine, usually, notes Europol, "by drilling
holes or melting."

Once access is achieved, the cash dispenser is
disconnected from its core working, and connected instead to the hacker's own
electronic device -- the so-called black box. The attacker then simply issues the necessary
commands to empty the cash dispenser; an act known as 'jackpotting', which
bypasses any need for a card or transaction authorization.

Since a black box attack simply empties the whole machine,
rather than attempting to extract available cash from an individual account, a
single successful attack can potentially steal hundreds of thousands of Euros.

The cost of “older operating systems.” Compare to the cost of updating?

In mid-March, Microsoft distributed a security
update after it detected the security flaw in its XP operating
system that enabled the so-called WannaCry ransomware to infiltrate and freeze
computers last week.

But the software giant only sent the free security update
-- or patch -- to users of the most recent version of the Windows 10 operating
system, the report said.

Users of older software, such as Windows XP, had to pay
hefty fees for technical support, it added.

"The high price highlights the quandary the world's
biggest software company faces as it tries to force customers to move to newer
and more secure software," it said.

A Microsoft spokesperson based in the United States told
AFP: "Microsoft offers custom support agreements as a stopgap
measure" for companies that choose not to upgrade their systems.

"To be clear, Microsoft would prefer that companies
upgrade and realise the full benefits of the latest version rather than choose
custom support."

According to the FT, the cost of updating older Windows
versions "went from $200 per device in
2014, when regular support for XP ended, to $400 the
following year," while some clients were asked to pay heftier fees.

The newspaper argued the high costs led Britain's National
Health Service -- one of the first victims of the WannaCry attack -- to not
proceed with updates.

Microsoft ended up distributing the free patch for the
older versions on Friday -- the day the ransomware was detected.

‘Smart’ contracts on the blockchain are generating a
lot of interest because of their innovative nature and potential to
substantially boost efficiency in many areas of law and business. But these contracts — digital agreements that
automatically fulfill themselves — come with serious limitations as well.

…In the paper, we
talk about four different categories of increasingly decentralized and
increasingly automated contracts. The first is what you described — what
we would call just an electronic
agreement. So you go to any
website that you sign up for, you click a button, and there is a link there. And you can see, typically, an incredibly long
and detailed contract that no one ever reads. But that is a human-readable contract. It’s the same contract you could get on paper.
It just happens to be on a screen.

One step from that is what Harry Surden, who’s a law
professor at [the University of Colorado at Boulder], calls a
“data-oriented contract.” So
let us now put the terms of the contract in machine-readable form, which limits
what we can do in that contract, but we can do it in ways that computers can at
least understand what it means to say “a hundred dollars,” or what it means to
say, “purchase this share of stock,” or something.

The next step is what Surden calls a “computable contract.” So now we are at the point where the machines
can, to some extent, process and enforce the contract. But there is still the fallback of the legal
system if something goes wrong.

A smart
contract, in theory at least, takes away the legal system entirely. Now there is nothing but that digital
agreement. That is the entirety of the
relationship, and everything from the negotiating of the agreement, all the way
to the full enforcement and clearing of the agreement, happens digitally.

I have visions (Okay, nightmares) of loading my pickup and
driving to New Jersey.

Uber today officially launched Uber Freight, the company’s
new service that will match truckers with companies who need cargo shipped
across the country.

Uber Freight has its own app, of course, which
is available today on iOS and Android. There’s
a sign-up page for drivers, who will be
vetted before they’re allowed to use the Uber Freight. The service “take[s] guesswork out of finding
and booking freight, which is often the most stressful part of a driver’s day,”
according to Uber, which says it’s dismantling a process that typically takes
“several hours and multiple phone calls.”

…The app is full of a list of available jobs
and the routes they require (say, Tulsa, OK to Memphis, TN), and each listing
tells the driver what they’ll be hauling and how much they’ll be paid. Once they arrive in that destination and make
the delivery they can then, like an Uber cab driver, find the next job.

…Lidl, pronounced
"Leedle," will go head to head with another German discounter, Aldi,
and other grocers using its well-honed strategy of operating no-frills, small
stores of about 20,000 square-feet and a heavy emphasis on store brands it says
are on par with national brands. Some
90% of merchandise will be its own products, a tactic that offers higher
margins and more control over inventory and offer low prices.

…Lidl, which is
well established in Europe with about 10,000 stores, could grow to have $8.8
billion in sales by 2023 with 630 stores, according to a 2016 forecast by
Kantar Retail. And rivals are taking notice.

Walmart can spend hundreds of millions of dollars buying up online retailers. It can shatter more neighborhood stores. But it will never beat Amazon.

For a simple reason: it isn't a technology
company. It’s a retailer using
technology, and that’s not good enough to attract software developers—the
ultimate source of competitive advantage in the Internet space.

…Consensus is
that we’ve hit a tipping point and the retail industry is finally seeing some
major collateral damage from Amazon’s monster growth — and mainstream/non-tech
news has started giving this a lot of coverage. There is a lot of discussion about
whether Amazon’s advantage is sustainable or whether other retailers (namely,
Walmart) will be able to mitigate Amazon’s dominance as they start to replicate
Amazon’s model.

…This all said, I
believe that Amazon is the most defensible company on earth, and we haven’t
even begun to grasp the scale of its dominance over competitors. Amazon’s lead will only grow over the coming
decade, and I don’t think there is much that any other retailer can do to stop
it.

Why user interface designers must take cues from science
fiction and games

John Underkoffler gave an illuminating talk about the
future of computing interfaces — and how slow the tech industry has been about
creating new ones — at our recent GamesBeat Summit event
in Berkeley, Calif.

…Alex McDowell,
the production designer for the 2002 film Minority Report, had to
build the world behind Steven Spielberg’s film based on a short story by sci-fi
author Philip K. Dick. He turned to
Underkoffler for the science to help knit it all together.

In Freedom of Information Act
lawsuit EPIC
v. FBI, EPIC has obtained the FBI notification procedures that would have applied to the
Russian cyberattacks during the 2016 Presidential election. The documents obtained by EPIC establish that
the FBI Cyber Division is to “notify and disseminate meaningful information to
victims and the CND [Computer Network Defense] community.” The Cyber Division specifically notifies the
“individual, organization, or corporation that is the owner or operator of the
computer at the point of compromise or intrusion.” The
analysis to determine whether or not to notify the victim, as well as FBI
procedures for approval or deferral of notification, the timing of
notification, the method of notification, and more were all redacted by the
agency. EPIC intends to
challenge these withholdings. The FBI’s
response raises questions about whether the agency fulfilled the obligation to
properly notify the victims of the Russian cyberattacks. The Intelligence Community assessed
that both major US political parties were attacked. The FBI also produced notification procedures for threats to life or serious bodily injury,
and certain procedures under the Foreign
Intelligence Surveillance Act. Next
in the case, EPIC anticipates the release, on May 26, of FBI communications
with political organizations and federal agencies concerning the Russian
interference.

Amusing. Makes you
wonder where their lawyers were trained. (Is there a Trump School of Law?) Some interesting details in this long post!

On May 3, Kromtech Security’s research team, conducting
routine research, found that confidential and sensitive patient
information was exposed on a misconfigured rsync backup device. As best as they could determine, the data
were from patients of Bronx-Lebanon Hospital Center in New
York City, but the vendor responsible for the backup device was iHealth
Solutions.

As is also their practice, Kromtech downloaded some of the
data for verification and research purposes, then attempted to notify the
entities. Kromtech generally does not go
public with their findings until after they have been able to reach an entity
to ensure that the data are secured.

When Kromtech was not able to reach anyone on May 3
to notify them, they contacted DataBreaches.net to request assistance in trying
to contact the vendor or the hospital. It
took some time – including some frustratingly long calls to the
hospital to try to reach an actual person – but eventually, messages were
left for both the vendor and the hospital that they had a problem requiring
urgent attention.

On May 4, I was gratified to receive several phone calls
confirming that the data had been secured and thanking me for my efforts
to notify them.

It was a brief honeymoon. On May 9, Kromtech published their
report and I published my first
report on the incident without any statement from the hospital or vendor,
neither of whom had provided a promised statement.

Then on May 12, coordinated threat letters arrived via
email from external counsel for both iHealth and Bronx-Lebanon Hospital. DataBreaches.net understands that Kromtech
Security also received similar letters.

When you visit a site that features a tweet button or an
embedded tweet, Twitter is able to recognize that you’re on that site and use
that information to target you with ads. And now it’s going to hang onto that
information for a bit longer but give you more control over it.

At the same time Twitter is giving people more control
over how they are targeted, it is removing
support for Do Not Track, which people can use to ask every website
they visit not to track their behavior in order to target them with ads.

It will be a while before Google Lens is available, but
today it was the centrepiece of the keynote.

The app uses image recognition to identify objects
appearing in your camera lens in real-time. It means you can point a smartphone
at a flower and be told exactly what it is.

Or, and this feature drew a massive cheer here, you can
point it at the sticker on the back of a wifi router - the one containing the
long password you need to enter - and the app
will know it’s a wifi password and automatically connect you to the network
without the need for manual input. [A “must have” for my Ethical Hacking
students! Bob]

Other uses could be pointing it at a restaurant and
getting instant reviews or menus, or even scanning a menu in a different
language, having it translated, and being able to ask “what does that dish look
like?” and be shown a photograph of the meal.

4/ VPS - visual positioning system

Most of us are familiar with GPS - global positioning
system - but that technology can only get you so far. Though terrific for travelling around large
areas outside, GPS has real limitations when you need something more accurate.

Google thinks VPS - visual positioning system - is how to
fill that gap. Using Tango, a 3D
visualisation technology, VPS looks for recognisable objects around you to work
out where you are, with an accuracy of a few centimetres.

A day late and a dollar short? Does this mean taxis will charge like
Uber?

Washington, D.C., is enlisting Square Inc.’s
help as its taxi commission tries to help the city’s cabbies compete with Uber
drivers. By the end of August, all of
the taxis in Washington have to tear out their traditional meters and start
using smartphones or tablets, in what the city government has been describing
as a complete reimagining of how the cab system works. On Wednesday, the Department of For-Hire
Vehicles is announcing that Square will process the payments going through
those mobile devices.

How to add a few million potential customers in countries where
smartphones are a bottleneck…

Ola, the Uber of
India, has announced a partnership with Google to launch a so-called Progressive
Web App (PWA) designed to open its platform to millions of users who don’t
yet have the latest and greatest smartphones.

…Basically, they
offer many benefits over traditional native apps, including being lightweight
and requiring less data to operate. This
is key in emerging markets where access to affordable mobile internet and
powerful smartphones is limited.

“A record 46 million seniors live in the United States
today, and older Americans – those age 65 and older – now account for 15% of
the overall U.S. population. By 2050,
22% of Americans will be 65 and older, according to U.S. Census Bureau projections.
At the same time America is graying, recent Pew Research Center surveys find
that seniors are also moving towards more digitally connected lives. Around four-in-ten (42%) adults ages 65 and
older now report owning smartphones, up from just 18% in 2013. Internet use and home broadband adoption among
this group have also risen substantially. Today, 67% of seniors use the internet – a
55-percentage-point increase in just under two decades. And for the first time, half of older
Americans now have broadband at home.”

On Thursday, the European Union’s powerful
antitrust chief fined the social network 110 million euros, or about $122
million, for giving misleading statements during the company’s $19
billion acquisition of the internet messaging service WhatsApp in 2014.

The fine — one of
the largest regulatory penalties against Facebook — comes days after
Dutch and French privacy watchdogs ruled that the company had broken
strict data protection rules. Other
European countries, notably Germany, are
clamping down on social media companies, including issuing potentially
hefty penalties for failing to sufficiently police hate speech and
misinformation.

The European Union’s antitrust
chief, Margrethe Vestager, said that Facebook had told the European Commission, the
executive arm of the European Union, that the social network would not combine
the company’s data with that of WhatsApp, which has more than one billion
users.

Yet last August,
Facebook announced that it would
begin sharing WhatsApp data with the rest of the company. That could
allow it to gain an unfair advantage over rivals, by giving it
access to greater amounts of data to help support its online advertising
business.

…In response,
Facebook said that it had acted in good faith in its deliberations with
Europe’s antitrust officials, and that it would not appeal the financial
penalty.

“The errors we
made in our 2014 filings were not intentional,” Facebook said in a
statement. “The commission has
confirmed that they did not impact the outcome of the merger review.”

“A recently enhanced database that houses information
about civil and criminal federal cases dating to 1970 is now available to
researchers and the public on the Federal Judicial Center’s website
as part of a partnership with the Administrative Office of the U.S. Courts. The interactive database contains docket
information from district, appellate, and bankruptcy court filings and
terminations, including plaintiff and defendant names, filing date, termination
date, disposition of the case, type of lawsuit, jurisdiction, and docket
number. It excludes judges’ names as a
preventative measure against judge-shopping by plaintiffs. Use of the
database is free and it allows for multiyear data analyses. Data can be downloaded in annual and
multi-year batches, or users can select their target cases using the database’s
interactive feature. For several decades
it has been a frequent tool for academic researchers studying workload trends
in the federal Judiciary. For example,
it’s been used in the past to examine how plea bargaining and charging outcomes
have changed over time in response to changes in sentencing laws and to analyze
the market impacts of corporate lawsuits involving publicly traded companies. It is also useful as a sort of “shopping list”
for the PACER database, the federal Judiciary’s online service that makes
judicial opinions, motions, pleadings and other actual records of cases
available to the public. Using the
database on the FJC’s site in conjunction with PACER can help users zero in on
the types of records sought, saving unnecessary document downloads. The revamped database adds in some data sets
that were not in earlier versions: civil-case plaintiff and defendant names and
docket numbers. It will also be updated
with recent case information more frequently than in the past.

…Along with
biking directions that take you along the friendliest routes, Google Maps can
display elevation levels, which are pulled from geographical
data. If you are searching for the most
bicycle-friendly routes, take advantage of this information!

…Serious cyclists
don’t mind a hill or two. Because they know that if there’s a tough climb, then
there’s also a pleasant descent. Either
way, give Google Maps a try the next time you decide to push the pedals. There are many bicycling websites and bike apps that can help you find the best bike paths, and Google Maps should be one of
them.

I’m not a big fan either, but this may help me communicate
with my students. Also, Colorado seems
to be mentioned a lot.

I admit to not being an emoji aficionado, so to make up
for this apparent deficit, I offer you The Emoji States of America – via
Axios Visuals Editor Lazaro Gamio:

“This visualization is a modified version
of Chernoff Faces, a technique that maps multiple statistical values to the
features of a face. Because it’s 2017, we expanded on the technique and made
Chernoff Emojis. Each part of the emoji is controlled by the state’s ranking in
a given metric, which range from the uninsured rate to the percent of adults
who report getting enough sleep.”

Eyebrows: The more furrowed the
brow, the lower a state ranks in the unemployment rate. (Worst: New
Mexico; best: Colorado)

Wednesday, May 17, 2017

The ransomware attack that stormed the world over the past
several days wasn’t the first to leverage the leaked EternalBlue/DoublePulsar
NSA hacking tools for distribution, Proofpoint researchers have discovered.

…Symptoms of
infection, however, aren’t as visible as with WannaCry: loss of access to
shared Windows resources and degradation of PC and server performance. What’s more, the malicious code also shuts
down SMB networking to prevent infections with other malware.

According to ProofPoint security researcher Kafeine, this attack might have been much larger than the
ransomware outbreak. Furthermore,
Kafeine suggests that,
because Adylkuzz specifically patched the vulnerability targeted by WannaCry,
it might have limited the latter’s infection.

What is certain, however, is that “the Adylkuzz campaign
significantly predates the WannaCry attack, beginning at least on May 2 and
possibly as early as April 24.” Kafeine
also notes that the infection is ongoing and
is potentially quite disruptive, although not as flashy as the
ransomware rampage.

…“For organizations running legacy versions of Windows or who
have not implemented the SMB patch that Microsoft released last month, PCs and
servers will remain vulnerable to this type of attack. Whether they involve ransomware,
cryptocurrency miners, or any other type of malware, these attacks are
potentially quite disruptive and costly. Two major campaigns have now employed the
attack tools and vulnerability; we expect others will follow and recommend that
organizations and individuals patch their machines as soon as possible,”
Kafeine says.

Online warfare already wreaks havoc on the physical world, and
it's only going to get worse.

The devastating effects of a massive cyberattack are no
more confined to a computer network than any other action carried out online. People use the computers and the internet all
the time to make things happen in the
physical world.

A cyberattack isn’t just a cyberattack. It’s an attack.

Hospitals, pharmacies, and major corporations like FedEx
and the Spanish telecommunications giant Telefonica were among the 200,000
victims hobbled by a global ransomware attack on Friday, which locked people’s
computers and demanded Bitcoin payment in exchange for access. In the United Kingdom, some hospitals canceled
procedures and other appointments as a result.

…Among the many
questions prompted by the fallout of the attack is an increasingly urgent one: At what point will a cyberattack prompt a more
traditional form of retaliation? More importantly: When should it?

An 11-year-old "cyber ninja" stunned an
audience of security experts Tuesday by hacking into their bluetooth devices to
manipulate a teddy bear and show how interconnected smart toys "can be
weaponized".

American wunderkind Reuben Paul may be
still only in 6th grade at his school in Austin, Texas, but he and his teddy
bear Bob wowed hundreds at a timely cyber security conference in The
Netherlands.

…"From
terminators to teddy bears, anything or any toy can be weaponised."

To demonstrate, he deployed his cuddly bear, which
connects to the icloud via wifi and bluetooth smart technology to receive and
transmit messages.

Plugging into his laptop a rogue device known as a
"raspberry pi" -- a small credit card size computer -- Reuben
scanned the hall for available bluetooth devices, and to everyone's amazement
including his own suddenly downloaded dozens of numbers including some of top
officials.

Then using a computer language programme, called Python,
he hacked into his bear via one of the numbers to turn on one of its lights and
record a message from the audience.

Is this the US equivalent of “By appointment to the Queen?”
And it’s free and open source!

In encryption push, Senate staff can now use Signal for
secure messaging

Without any fanfare, the Senate
Sergeant at Arms recently told Senate staffers that Signal, widely
considered by security researchers and experts to be the most secure encrypted
messaging app, has been approved for use.

The news was revealed in a letter Tuesday by Sen. Ron Wyden (D-OR), a staunch
privacy and encryption advocate, who recognized the effort to allow the
encrypted messaging app as one of many "important defensive
cybersecurity" measures introduced in the chamber.

As the scale and complexity of the cyber threat landscape
is revealed, so too is the general lack of cybersecurity readiness
in organizations, even those that spend hundreds of millions of dollars on
state-of-the-art technology. Investors
who have flooded the cybersecurity market in search for the next software
“unicorn” have yet to realize that when it comes to a risk as complex as
this one, there is no panacea — certainly not one that depends
on technology alone.

Spending millions on security technology can certainly
make an executive feel safe. But the
major sources of cyber threats aren’t technological. They’re found in the human brain, in the form
of curiosity, ignorance, apathy, and hubris. These human forms of malware can be
present in any organization and are every bit as dangerous as threats
delivered through malicious code.

With any cyber threat, the first and last line of defense
is prepared leaders and employees, whether they are inside an organization
or part of an interconnected supply chain.

Putin offers to provide Congress with details of Trump
disclosures to Russian envoys

Russian President Vladimir Putin said Wednesday he would
be willing to provide the U.S. Congress a record of President Trump’s meeting
with top Russian envoys, possibly offering new details on the disclosures of
reportedly highly classified intelligence information.

The remarkable offer for the Kremlin to share evidence
with U.S. oversight committees came with the caveat that the request for the
transcript would have to come from the Trump administration.

Another case of “I don’t get it.” They fine Facebook for what they did, but do
not order or even ask them to stop doing it.

…As part of their
separate announcements on Tuesday, the
Dutch and French
officials said that Facebook
had not provided people in their countries with sufficient control over how
their details are used. [How will user data be used 25 years from now? Bob] They said that the social network had
collected digital information on Facebook users as well as nonusers on
third-party websites without their knowledge.

The French
regulator, the Commission Nationale de l’Informatique et des Libertés, or CNIL,
said that it had fined Facebook 150,000 euros, or about $164,000, for failing
to meet France’s data protection
rules.

…Despite the
financial penalty, the agency has not ordered Facebook to alter how it handles
data on people in France who use the service.

Facebook promised to tackle fake news. But the evidence shows
it's not working

When Facebook’s new fact-checking system labeled a Newport Buzz
article as possible “fake news”, warning users against sharing it, something
unexpected happened. Traffic to the
story skyrocketed, according to Christian Winthrop, editor of the local Rhode
Island website.

“A bunch of conservative groups grabbed this and said,
‘Hey, they are trying to silence this blog – share, share, share,’” said
Winthrop, who published the story that falsely claimed hundreds of thousands of
Irish people were brought to the US as slaves. “With Facebook trying to throttle it and say,
‘Don’t share it,’ it actually had the opposite effect.”

… Articles
formally debunked by Facebook’s fact-checking partners – including the
Associated Press, Snopes, ABC News and PolitiFact – frequently remain on the
site without the “disputed” tag warning users about the content. And when fake news stories do get branded as
potentially false, the label often comes after the story has already gone viral
and the damage has been done. Even in
those cases, it’s unclear to what extent the flag actually limits the spread of
propaganda.

Think of the potential for “lock-in!” Today, everyone has a smartphone. Tomorrow everyone might have an Amazon Echo,
if Jeff Bezos can make it portable!

Amazon’s Echo continues to grow. Its latest upgrade is the ability to make voice calls and send messages to other
Echo devices in the U.S. You could
already use IFTTT to send canned text messages through your Echo, but this
update expands that.

…To call someone,
make sure you have a contact for them in your phone that contains the same
phone number they have on their Amazon account.

To place a call, just say “Alexa, call Mark.”
Your Echo will light up with a green
ring during an incoming call, and your phone will chime too. Say “Alexa, answer the call” to
pick it up. If you don’t want to make a
live call, say “Alexa, message Mom” and tell your Echo what
you’d like to send. The recipient will
hear a chime and see a green ring, and can say “Alexa, play my messages”
to hear them later.

Simpler? Fixed
start, dump and end points. Fixed route
with trash cans that have sensors for easy location. Compare that to the random walk of personal
automobiles. Might work for some mail
delivery routes too.

The Swedish car maker has partnered with local waste
and garbage specialists Renova for
a project that’s setting out to explore “how automation can contribute to
enhanced traffic safety, improved working conditions, and lower environmental
impact,” according to a statement issued by Volvo.

Tuesday, May 16, 2017

Intelligence officials and private security experts say
that new digital clues point to North Korean-linked hackers as likely suspects
in the sweeping ransomware attacks that have crippled computer systems around
the world.

The indicators
are far from conclusive, the researchers warned, and it could be weeks, if not
months, before investigators are confident enough in their findings to
officially point the finger at Pyongyang’s increasingly bold corps of digital
hackers.

I wonder if this is also North Korea. They have some experience hacking film
studios.

A hacker or hackers claim to have stolen an unreleased
film from Walt Disney Co. and threatened to release it online unless the
company pays a ransom, Chief Executive Robert Iger told employees.

Speaking at a town hall for Disney's ABC News division
Monday where the topic of piracy was raised, Mr. Iger said Disney wouldn't pay
the ransom, according to a person who was present.

…The hackers have
threatened to first release five minutes of the movie and then more in
20-minute chunks, Mr. Iger told the Disney employees.

…It comes,
however, at a time of increased concern about digital vulnerabilities
throughout the business world, including in Hollywood. Hackers recently uploaded an entire season of
"Orange is the New Black" to online file-sharing services before
Netflix Inc. released the episodes on its streaming service.

Hackers in Vietnam have been
attacking foreign companies and other targets for years, seeking information
and using tactics that suggest links to the Vietnamese government, a
cybersecurity company said Monday.

The findings,
laid out in a
report released by the company, FireEye, come as companies and experts look
beyond traditional sources of attacks like China and Russia to deal with new or
rising threats. Smaller countries are
now trying their hand at hacking, experts say, as they seek to follow
dissidents, undermine enemies or comb corporate files for trade secrets.

…As Dame Fiona
writes, she had informed Royal Free and DeepMind in December that she "did
not believe that when the patient data was shared with Google DeepMind, implied
consent for direct care was an appropriate legal basis".

The Pentagon’s New Algorithmic Warfare Cell Gets Its First
Mission: Hunt ISIS

By year’s end, the Pentagon wants computers to be leading
the hunt for Islamic State militants in Iraq and Syria, through turning
countless hours of aerial surveillance video into actionable intelligence.

It’s part of Project
Maven, a fast-moving effort launched last month by Deputy Defense Secretary
Bob Work to accelerate, improve, and put to wider use the military’s use of
machine learning.

…Thousands of
military and civilian intelligence analysts are “overwhelmed” by the amount of
video being recorded over the battlefield. These analysts watch the video, looking for
abnormal activities. Right now, about 95
percent of the video shot by drone aircraft is from the campaign against ISIS in Iraq and Syria.

Question: Is there already a public transit App for Denver
and I just missed it? If not, why
not? I’d like to know if the bus will be
here in one minute or I just missed it and the next one won’t be here for a half
hour.

Uber app to display real-time public transit data so you can
easily combine modes of transport

…For this feature
— available only in the Android Uber app for now — the ride-hailing giant has
teamed up with Transit, a Canadian-headquartered
urban transport information service that operates in more than 125 cities
globally, to show live departure times whenever a rider’s destination is near a
transit stop.

Tapping on a specific departure will take the user to the
Transit app for full directions, service information, and so on.

While this may seem like a counterintuitive move for Uber,
given that it seems to be encouraging riders to use alternative transport, Uber
is actually acknowledging the ways people already use its service. They may take an Uber car to a train station
to travel a significant distance and then walk or jump into another Uber when
their train reaches its destination. So
this is Uber providing an element of convenience to its users — it saves them
having to continuously switch between the Uber app and other transport data
services.

…“Their model is
[that] the product is almost a commodity,” Kahn notes. “They can control those products, but what
they’re differentiating on is the retail experience and technology. So, they take out all the pain points in
shopping, and they lock you in. Amazon Prime is the perfect example.”

About Me

I live in Centennial, Colorado. (I'm not actually 100 years old, but I hope to be some day.) I'm an independent computer consultant, specializing in solving problems that traditional IT personnel tend to have difficulty with... That includes everything from inventorying hardware & software, to converting systems & data, to training end-users. I particularly enjoy taking on projects that IT has attempted several times before with no success. I also teach at two local Universities: everything from Introduction to Microcomputers through Business Continuity and Security Management. My background includes IT Audit, Computer Security, and a variety of unique IT projects.